IRS Database Security Could Use a Tuneup

Some of the 2,200 databases that the IRS uses to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches.

Nor has the IRS fully implemented its plans to complete vulnerability scans of its databases — although the IRS spent more than $1.1 million in software licenses and support costs for a database vulnerability scanning and compliance assessment tool, it did not fully implement it. TIGTA used database vulnerability assessment software to conduct remote scans of the primary databases for 13 applications supporting critical tax administration business processes. Its review found high and medium risk vulnerabilities, as classified by the scanning tool in each of the 13 databases. [TIGTA via TaxProf]

Some of the 2,200 databases that the IRS uses to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches.

Nor has the IRS fully implemented its plans to complete vulnerability scans of its databases — although the IRS spent more than $1.1 million in software licenses and support costs for a database vulnerability scanning and compliance assessment tool, it did not fully implement it. TIGTA used database vulnerability assessment software to conduct remote scans of the primary databases for 13 applications supporting critical tax administration business processes. Its review found high and medium risk vulnerabilities, as classified by the scanning tool in each of the 13 databases. [TIGTA via TaxProf]

Latest Accounting Jobs--Apply Now:

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

Your Naughty IRS Agent of the Day

His name is Bryan Cho (aka “Yong Hee Cho”) and he was the recipient of a 10-count indictment from the U.S. Attorney’s Office of the Eastern District of New York on Jan. 26, charged with possession of a fake foreign passport, aggravated identity theft, making false statements during a background check, and wire fraud in […]